Lucene search
K

77 matches found

NVD
NVD
added 14 hours ago7 views

CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS
Exploits0References3
Debian CVE
Debian CVE
added 15 hours ago5 views

CVE-2026-56016

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

5.9CVSS5.8AI score
Exploits0
NVD
NVD
added yesterday7 views

CVE-2025-36359

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...

8.1CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2025-210374

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...

8.1CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 days ago7 views

CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS5.8AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-48781

Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWTSECRET, and the auth middleware trusted every claim in that JWT without re-resolving the user from...

9.9CVSS0.00209EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 5:16 a.m.11 views

CVE-2026-41839

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

4.2CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:29 p.m.8 views

CVE-2026-34460

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause ...

5.4CVSS5.8AI score0.00114EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/28 4:25 p.m.18 views

CVE-2026-9095

Casdoor CVE-2026-9095 affects versions 2.362.0 and earlier. The ParseSamlResponse() in object/saml_sp.go maps retrieved SAML assertions directly to user sessions without replay protection, lacking an assertion ID cache, OneTimeUse enforcement, or replay detection in the SAML SP code path. This en...

8.1CVSS5.9AI score0.00298EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 8:3 a.m.13 views

Malicious code in @agora-sdk/react-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9febb9d8dda2eea07ef909b9713ca6531c4a5b51a75fd730a312bec8d8a11135 Package is published under the '@agora-sdk' scope, strongly associated with Agora.io's real-time-communications SDKs, but its actual contents are a...

5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

devguard 安全漏洞

Devguard is a software supply chain vulnerability management platform developed by L3montree. Versions prior to 1.2.2 of Devguard contained security vulnerabilities. These vulnerabilities stemmed from SessionMiddleware accepting the X-Admin-Token HTTP request header provided by clients. When no...

9.3CVSS5.8AI score0.00257EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.73 views

📄 Pachno 1.0.6 Privilege Escalation

The authorization check in the runSwitchUser action in Pachno version 1.0.6 evaluates the expression !canSaveConfiguration && !hasCookie'originalusername' and only forbids the request when both subexpressions are true. The presence of the originalusername cookie is sufficient to satisfy the secon...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/03 5:8 a.m.7 views

CVE-2025-66483

IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...

6.5CVSS5.9AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-30969

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

9.1CVSS5.8AI score0.00381EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 6:18 p.m.3 views

CVE-2026-30969

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

9.1CVSS0.00381EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/10 5:27 p.m.4 views

CVE-2026-30969 Coral Server has insufficient agent authentication in session communication channels

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

7.6CVSS5.8AI score0.00381EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 5:27 p.m.5 views

EUVD-2026-10707

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

7.6CVSS5.8AI score0.00381EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:27 p.m.4 views

CVE-2026-30969

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

7.6CVSS5.8AI score0.00381EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/10 5:27 p.m.4 views

CVE-2026-30969 Coral Server has insufficient agent authentication in session communication channels

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

7.6CVSS5.8AI score0.00381EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.10 views

PT-2026-24340

Name of the Vulnerable Software and Affected Versions Coral Server versions prior to 1.1.0 Description Coral Server, an open collaboration infrastructure for The Internet of Agents, did not enforce strong authentication between agents and the server during active sessions. This could allow an...

9.1CVSS5.7AI score0.00381EPSS
Exploits0References6
Rows per page
Query Builder